Issue 74 - Encrypting Passwords - Proposed Changes

["Hal Lockhart" <hlockhar@bea.com>]

Insert after Line 1542:

When a password is encrypted in addition to the normal threats against any
encryption, two password-specific threats must be considered: replay and
guessing. If an attacker can impersonate a user by replaying an encrypted or
hashed password, then learning the actual password is not necessary. One
method of preventing replay is to use a nonce as mentioned previously.
Generally it is also necessary to use a timestamp to put a ceiling on the
number of previous nonces that must be stored. However, in order to be
effective the nonce and timestamp must be signed. If the signature is also
over the password itself, prior to encryption, then it would be a simple
matter to used the signature to perform an offline guessing attack against
the password. This threat can be countered in any of several ways including:
don't include the password under the signature (the password will be
verified later) or sign the encrypted password.

Hal